AnsweredAssumed Answered

Session resumption NO after enable TLS 1.2

Question asked by Bob van der Sluis on Oct 25, 2012
Latest reply on Dec 11, 2012 by Ivan Ristić

Hi,

 

I have enabled the TLS 1.2 and TLS 1.1 protocol and disabled weak Cipher Suites. The test from the website is done before and after this change. After the change "Session resumption No (IDs assigned but not accepted)" was there, befote the upgrade ir was "Session resumption Yes" What is wrong? I overlook somthing, there must be something in the combination Protocol and  Cipher Suites. The webserver is IIS 7.5 on Win2008R2. I post both test results.

 

Before the change:

Protocols
TLS 1.2 No 
TLS 1.1 No 
TLS 1.0 Yes 
SSL 3.0 Yes
SSL 2.0 No


Cipher Suites (SSLv3+ suites in server-preferred order, then SSLv2 suites where used)
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 128

  "Session resumption Yes"

 

After the change:

Protocols
TLS 1.2 Yes 
TLS 1.1 Yes 
TLS 1.0 Yes 
SSL 3.0 Yes
SSL 2.0 No


Cipher Suites (SSLv3+ suites in server-preferred order, then SSLv2 suites where used)
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 128

"Session resumption No (IDs assigned but not accepted)"

Outcomes